-
Notifications
You must be signed in to change notification settings - Fork 996
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Whisk (SSLE) with Curdleproofs - rebased #3342
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @dapplion!
should I also drop changes to setup.py? We can merge the spec not executable first, and make executable latter. In parallel propose improvements to nalinbhardwaj:whisk-curdleproofs and add spec tests
I think given the complexity of this feature, it's good to have some basic reviews now since we can only review it line by line in this PR.
Therefore, I pushed some fixes based on the linter errors. The only remaining linter error is "undefined name 'WhiskTrackerProof'".
I think for this PR, the goals can be set to (i) make linter pass and (ii) review the whisk logic. 👍 on adding tests in later PRs.
|
ACK. Makes sense. Will do a review here either this or next week. |
This is now merged. I guess if we rebase this on top, the tests will not fail anymore? |
@asn-d6: As discussed, I fixed a few bugs along the way but likely also introduced some bugs :)
This PR changes the Whisk tracker format to be of the form `(r * pubkey, r * BLS_GT_GENERATOR)` instead of `(r * k * BLS_G1_GENERATOR, r * BLS_G1_GENERATOR)`. This allows for non-interactive tracker registrations from validator pubkeys, removing ~50 lines the code. It also significantly reduces the amount of state overhead. This PR also removes permutation commitments, though those can be easily readded if deemed necessary.
@asn-d6: Readded a consistency check for `IsValidWhiskOpeningProof` (involving `pubkey` instead of `k_commitment`).
This needs its own ethresearch post, and some additional analysis to see if we can do the shuffle ZKP in the allowed timeframe. This reverts commit 8517aca.
Ditch the Feistel logic and instead have each shuffler pick the row they shuffle using their RANDAO reveal.
This commit further simplifies 0faef30 by removing the entire squareshuffle. The latest version of https://eprint.iacr.org/2022/560 proposes that each shuffler picks random indices from the entire candidate set instead of organizing validators into a square.
9e68294
to
670845b
Compare
2ef68e2
to
e9445bb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates @dapplion . LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor suggestions.
It's good to merge this alpha version. Thank you @dapplion!
def is_k_commitment_unique(state: BeaconState, k_commitment: BLSG1Point) -> bool: | ||
return all([validator.whisk_k_commitment != k_commitment for validator in state.validators]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function looks scary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
scary due to its syntax, efficiency or else? If the former should I use a for loop?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Let's use a for loop?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the confusion. I was scared by the efficiency. IIUC Python all()
is like for loop implementation, it returns False
immediately once it finds validator.whisk_k_commitment == k_commitment
. But it scares me as it is used in the while True
of get_unique_whisk_k
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Regarding efficiency: Yes on a deposit this requires a full loop over the validator list. But a naive implementation of the beacon chain already requires that to check if the pubkey of a deposit has been seen before or not. This addition will require clients to mantain cached set of k_commitment to avoid that loop if they choose. AFAIK spec should not be concerned with computational efficiency but correctness, and the current whisk spec new k_commitment to be unique.
Regarding syntax: the all syntax is pretty readable, I can switch to a for loop, but the current implementation is simpler IMO
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, the efficiency hit here can be salvaged using a hash map of all k_commitments
. When writing the spec here with @JustinDrake, we tried to focus on correctness/readability over optimizations, hence the loop here.
1ea91d4
to
45fce04
Compare
* Introduce consensus code for Whisk * polish, simplify, clean up (~100 fewer lines) @asn-d6: As discussed, I fixed a few bugs along the way but likely also introduced some bugs :) * minor cleanups and fixes * simplify is_k_commitment_unique * Update beacon-chain.md * Update beacon-chain.md * Initialize `k` in `get_validator_from_deposit()` * minor cleanups * Update beacon-chain.md * Create beacon-chain.md This PR changes the Whisk tracker format to be of the form `(r * pubkey, r * BLS_GT_GENERATOR)` instead of `(r * k * BLS_G1_GENERATOR, r * BLS_G1_GENERATOR)`. This allows for non-interactive tracker registrations from validator pubkeys, removing ~50 lines the code. It also significantly reduces the amount of state overhead. This PR also removes permutation commitments, though those can be easily readded if deemed necessary. * A couple of fixes to the no-registration simplification @asn-d6: Readded a consistency check for `IsValidWhiskOpeningProof` (involving `pubkey` instead of `k_commitment`). * remove unused helpers * use Mary's suggested tracker * Update beacon-chain.md * Revert G_t element optimization This needs its own ethresearch post, and some additional analysis to see if we can do the shuffle ZKP in the allowed timeframe. This reverts commit 8517aca. * Implement new shuffling strategy Ditch the Feistel logic and instead have each shuffler pick the row they shuffle using their RANDAO reveal. * Curdleproofs edits * working whisk eth2spec * working whisk dummy test * add more boilerplate set up code * rebase constants * Implement even newer and simplified shuffling strategy This commit further simplifies 0faef30 by removing the entire squareshuffle. The latest version of https://eprint.iacr.org/2022/560 proposes that each shuffler picks random indices from the entire candidate set instead of organizing validators into a square. * Move to _features * remove dummy test * Run doctoc * Change Whisk's previous fork to Capella instead of Bellatrix. Make linter happier. * Fix lint * Fix pylint * Fix mypy issues * Clean-up get_beacon_proposer_index * Fix doc headers * Fix capella link * Update apply_deposit * Rename process_shuffled_trackers --------- Co-authored-by: George Kadianakis <desnacked@riseup.net> Co-authored-by: Justin <drakefjustin@gmail.com> Co-authored-by: Nalin Bhardwaj <nalinbhardwaj@nibnalin.me> Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
Preserved original commits for context and history, since they contain relevant remarks and design decisions.
In detail the branch
dapplion:consensus-specs:whisk-curdleproofs
process is:git checkout nalinbhardwaj:whisk-curdleproofs
git rebase ethereum:dev
Resolve conflicts manually, dropping all changes on these files
configs/mainnet.yaml
configs/minimal.yaml
tests/core/pyspec/eth2spec/merge/__init__.py
tests/core/pyspec/eth2spec/merge/mainnet.py
tests/core/pyspec/eth2spec/merge/minimal.py
tests/core/pyspec/eth2spec/test/altair/unittests/test_config_override.py
tests/core/pyspec/eth2spec/test/context.py
tests/core/pyspec/eth2spec/test/helpers/constants.py
tests/core/pyspec/eth2spec/test/helpers/genesis.py
tests/core/pyspec/eth2spec/test/whisk/__init__.py
tests/core/pyspec/eth2spec/test/whisk/unittests/__init__.py
Two final commits to move whisk spec to _features and remove dummy test.
Next steps
@hwwhww should I also drop changes to
setup.py
? We can merge the spec not executable first, and make executable latter. In parallel propose improvements tonalinbhardwaj:whisk-curdleproofs
and add spec tests